✅ API & Web Services – Web Development Interview Q&A 🌐💬

1️⃣ What is an API?
Answer:
API (Application Programming Interface) is a set of rules defining how software components interact, like a contract for requests/responses between apps (e.g., fetching weather data). It enables seamless integration without exposing internals—think of it as a waiter taking orders to the kitchen.

2️⃣ REST vs SOAP – What's the difference?
Answer:
⦁ REST: Architectural style using HTTP methods, stateless, flexible with JSON/XML/HTML/plain text, lightweight and scalable for web/mobile—caches well for performance.
⦁ SOAP: Strict protocol with XML-only messaging, built-in standards for security/transactions (WS-Security), works over multiple protocols (HTTP/SMTP), but heavier and more rigid for enterprise legacy systems.
REST dominates modern APIs for its simplicity in 2025.

3️⃣ What is RESTful API?
Answer:
A RESTful API adheres to REST principles: stateless operations via HTTP verbs (GET for read, POST create, PUT/PATCH update, DELETE remove), resource-based URLs (e.g., /users/1), uniform interface, and caching for efficiency. It's client-server separated, making it ideal for scalable web services.

4️⃣ What are HTTP status codes?
Answer:
Numeric responses indicating request outcomes:
⦁ 2xx Success: 200 OK (request succeeded), 201 Created (new resource).
⦁ 4xx Client Error: 400 Bad Request (invalid input), 401 Unauthorized (auth needed), 403 Forbidden (access denied), 404 Not Found.
⦁ 5xx Server Error: 500 Internal Server Error (backend issue), 503 Service Unavailable.
Memorize these for debugging API calls!

5️⃣ What is GraphQL?
Answer:
GraphQL is a query language for APIs (from Facebook) allowing clients to request exactly the data needed from a single endpoint, avoiding over/under-fetching in REST. It uses schemas for type safety and supports real-time subscriptions—perfect for complex, nested data in apps like social feeds.

6️⃣ What is CORS?
Answer:
CORS (Cross-Origin Resource Sharing) is a browser security feature blocking cross-domain requests unless the server allows via headers (e.g., Access-Control-Allow-Origin). It prevents malicious sites from accessing your API, but enables legit frontend-backend comms in SPAs—configure carefully to avoid vulnerabilities.

7️⃣ What is rate limiting?
Answer:
Rate limiting caps API requests per user/IP/time window (e.g., 100/hour) to thwart abuse, DDoS, or overload—using algorithms like token bucket. It's essential for fair usage and scalability; implement with middleware in Node.js or Nginx for production APIs.

8️⃣ What is an API key and how is it used?
Answer:
An API key is a unique string identifying/tracking API consumers, passed in headers (Authorization: Bearer key) or query params (?api_key=xxx). It enables basic auth, usage monitoring, and billing—rotate regularly and never expose in client code for security.

9️⃣ Difference between PUT and PATCH?
Answer:
⦁ PUT: Idempotent full resource replacement (e.g., update entire user profile; missing fields get defaults/null).
⦁ PATCH: Partial updates to specific fields (e.g., just change email), more efficient for large objects—both use HTTP but PATCH saves bandwidth in REST APIs.

🔟 What is a webhook?
Answer:
A webhook is a user-defined HTTP callback: when an event occurs (e.g., new payment), the server pushes data to a registered URL—reverse of polling APIs. It's real-time and efficient for integrations like Slack notifications or GitHub updates.

💬 Tap ❤️ if you found this useful!

🔰 Python lambda functions

🔰 Python vs Java 🔰